It’s been a while since I’ve posted anything, so I thought I would post about setspn, because you know, it’s so awesome right?
So one of the projects I’ve been working on lately is the upgrade to SCCM 2012. Outside of a few things it’s been going very well. We ran into an issue though when we rolled out the production server. Maybe I’ll write a post for that, needless to say part of the solution is SPN’s.
Now, I’m no stranger to this tool, but needless to say it leaves a LOT to be desired. Especially when we consider this came out for Windows Server 2003! So, since I had to do some work with SPN’s I decided I needed a PowerShell way of handling this.
There is really only handful of things we ever need setspn for, add an spn to an object, get an spn for an object, remove an spn from an object, find an spn or find duplicate spns.
This will reset the SPN for the given hostname.
Asd-Spn -Service -Name -HostName -NoDupes
This will add an SPN to a given host and optionally check for duplicates within the domain first.
Remove-Spn -Service -Name -HostName
This removes an SPN from a given host.
This will return the SPN’s for a given host.
Find-Spn -Service -Name
This will find all SPN’s of a given service, or of given name, or both.
This will find all duplicate SPNs within the domain or optionally the entire forest.
Currently my functions are just wrappers for setspn.exe but I’m planning a V2 that will leverage .NET to handle this. I don’t get a lot of flexibility in error handling and output when I use a stand alone command.
- I want to return objects
- I want to be able to not have dependencies
- I want the flexibility of .NET